Drafting IT Master Services Agreements: Guidance for ...
Transcript of Drafting IT Master Services Agreements: Guidance for ...
Drafting IT Master Services Agreements:
Guidance for Purchaser and Vendor CounselDefining Project Scope and Obligations, Negotiating Pricing and Payment Terms, Interplay With Statements of Work
Today’s faculty features:
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 1.
WEDNESDAY, AUGUST 21, 2019
Presenting a live 90-minute webinar with interactive Q&A
George Kimball, Counsel, Wiggin and Dana, New Haven, Conn.
Brad L. Peterson, Partner, Mayer Brown, Chicago
Larry Schultis, Founding Partner, Schultis Law Group, New York
Tips for Optimal Quality
Sound Quality
If you are listening via your computer speakers, please note that the quality
of your sound will vary depending on the speed and quality of your internet
connection.
If the sound quality is not satisfactory, you may listen via the phone: dial
1-866-961-8499 and enter your PIN when prompted. Otherwise, please
send us a chat or e-mail [email protected] immediately so we can address
the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing Quality
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again.
FOR LIVE EVENT ONLY
Continuing Education Credits
In order for us to process your continuing education credit, you must confirm your
participation in this webinar by completing and submitting the Attendance
Affirmation/Evaluation after the webinar.
A link to the Attendance Affirmation/Evaluation will be in the thank you email
that you will receive immediately following the program.
For additional information about continuing education, call us at 1-800-926-7926
ext. 2.
FOR LIVE EVENT ONLY
Program Materials
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the ^ symbol next to “Conference Materials” in the middle of the left-
hand column on your screen.
• Click on the tab labeled “Handouts” that appears, and there you will see a
PDF of the slides for today's program.
• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.
FOR LIVE EVENT ONLY
Drafting IT Master Services Agreements: Overview and Guidance for Purchaser ’s CounselStrafford Webinar
Brad PetersonPartner
312 701 8568
66
Market Recognition
“Band 1” ranking in IT/Outsourcing for 16 consecutive years (Chambers 2004-2019)
“We have never been disappointed. They are worth their weight in gold.” ~ Chambers USA
“They have current cutting-edge knowledge and are savvy about attuning their counsel to the needs of the client to arrive at a satisfactory solution to many sticky issues.”~ Chambers USA
“They are very good at being able to communicate and synthesize information in a useful and easily understandable way.” ~ Chambers USA
Law360 Firm of the Year 2016-2018 and 2016 Technology Practice Group of the Year
Ranked as one of the top law firms 2009 - 2019 on World’s Best Outsourcing Advisors list for The Global Outsourcing 100™
Named “MTT Outsourcing Team of the Year” in 2014 and ranked in the top tier from 2010 through 2019
Transform
Mayer Brown’s Technology Transactions Practice
• More than 50 lawyers around the world focused on helping clients develop and manage relationships with suppliers of critical services and technology
• Experience in 400 critical services sourcing deals with a total contract value exceeding $200 billion, including data, digital, outsourcing and software
77
Presenter
Brad Peterson leads Mayer Brown’s Technology Transactions practice is and based in the Chicago office. Brad has represented clients in hundreds of IT services transactions. He has extensive experience with data, digital, outsourcing, and software transactions.
Brad is top-ranked by Chambers, Legal 500 and many other legal ranking services.
Brad studied computer science at Northwester University as an undergraduate, earned an MBA from the University of Chicago, and later earned a JD from Harvard Law School. Before law school, he worked as a computer programmer and as an IBM Marketing Representative.
88
Agenda
• What is an IT services agreement?
• What drives value and risk in IT services agreements?
• What are the key elements of an IT services agreement?
• What is covered where under the Master Services Agreement?
99
Types of IT Services Agreements(“ITSAs”)
• Project
– Supplier provides professional services to design, build, program, configure, test and/or roll out an IT system
– Goal is to provide new IT systems to improve Purchaser’s capabilities
• Managed Services
– Supplier assumes responsibility for running a IT function on behalf of the Purchaser, such as data center, help desk, desktop, or network
– Goal is to run the formerly-internal IT function better, faster and cheaper than Purchaser can run that function internally
• Cloud / Automated Services
– Supplier provides a standardized, automated IT service
– Goal is to provide capabilities of systems and software at low cost
1010
What Drives Value?
• IT services agreements create value by improving the customer’s business results
• Supplier’s scale, tools, processes, and expertise may provide Purchasers with:
– Lower and more predictable costs– Better service and access to scarce skills– Better measurement and tighter control
• Converting fixed costs to variable costs may increase agility and improve financial metrics
• Handing over responsibility for ITfunctions may allow greater focuson core business
1111
What Drives Risk?
• Inherent difficulties in defining responsibilities
• Purchaser’s dependence on Supplier
• Inevitability of change
• Difficulty of reversing
• Supplier’s separate objectives and business model
1212
Key Risks for Purchasers
• Price Change Risk:
– Changes that trigger pricing changes are inevitable.
– Contours of change cannot be predicted so cannot pre-negotiate price.
– Pricing of change typically based on cost of additional services, but. . .
– Supplier typically has cost data that Purchaser cannot see.
– Purchaser’s options are typically limited.
• Quality Risk:
– Suppliers may cut costs to save money.
– Complex environments can reduce accountability.
– Purchaser’s options are typically limited.
– Supplier may pay penalties instead of fixing problems.
1313
Key Risks for Purchasers
• Data Security Risk:
– Suppliers may have copies of–and perhaps the only copies of–Purchaser data and will at least have access to Purchaser data
– Your data security is only as strong as your weakest Supplier’s
– Suppliers will have less incentive to protect data than Purchaser has due to limitations of liability
• Other Compliance Risk:
– Regulators increasingly view acts of Suppliersas acts of the regulated entity
– Suppliers will seek to excluderesponsibility for “Purchaser Laws”
– Employment law issues can arise
1414
Key Risks for Purchasers
• Exit Risks:
– Supplier may control key assets required by Purchaser: e.g., procedures, data, systems configurations, knowledgeable personnel, proprietary software, third-party software licenses and subcontracts
– As Purchaser’s risks increase, the less right Purchaser has to obtain required assets from Supplier
– Supplier personnel is focused on next opportunity
– There is potential disruption on transfer of responsibility for services
– Purchaser is highly dependent on Supplier cooperation
– Purchaser’s leverage over Supplier declines on termination
IT Services Agreements
15
1616
Key Elements of IT Services Agreement
IT Services Agreement
Transfers Services ChargesRisk
Allocation
1717
Transfers
Transferred Personnel
Transferred Assets
Transferred Contracts
IT Services Agreement
Transfers Services ChargesRisk
Allocation
1818
Services
Transition
Project
Ongoing
Exit
IT Services Agreement
Transfers Services ChargesRisk
Allocation
1919
Charges
IT Services Agreement
Transfers Services Charges
Fixed Charges
Variable Charges
Adjustments
Protections
Risk Allocation
2020
Risk Allocation
Representations and Warranties
Indemnities
Limitations on Liability
Controls
IT Services Agreement
Transfers Services ChargesRisk
Allocation
2121
Incentives and Governance
Governance
IT Services Agreement
Transfers Services ChargesRisk
Allocation
Incentives
Master Services Agreement
22
2323
Relationship of MSA and Supplements
Master Services Agreement Exhibits
& Annexes
MSA Exhibits and Annexes apply to all Supplements
The MSA contains the global terms and conditions and is incorporated by reference into each Supplement
Schedule B-X
Supplement Schedules
Supplement A(Initial Scope)
Supplement B(Future Scope)
Supplements define the scope, service levels, pricing and other business terms
A Supplement’s Schedules apply only to that Supplement
2424
Supplement Topics
• Term
• Services to be performed
• Service levels (for Ongoing)
• Milestones (for Projects)
• Charges
• Transition Plan (for Ongoing)
• Facilities
• Equipment
• Software
• Key Personnel
• Reports
• BC/DR Plan
• Scope-specific governance
• Approved subcontractors
• Managed Third Parties
• Applicable industry standards
• Transfers of people, assets, and contracts
• Purchaser authorized signers
2525
Key Questions for Purchasers in MSAs
1. How strong is the Services commitment?
2. Will Supplier comply with legal obligations?
3. Will Supplier agree to prices, without additional or surprise charges?
4. What are the invoicing and payment terms?
5. What are your options to control and govern?
6. Will you own the IP and data? If not, what rights will you have?
7. What are your options to disengage, and at what cost?
8. What are the Supplier’s incentives to create value and reduce risk?
2626
How Strong is the Services Commitment?
• Definition of “Services” that sweeps in inherent, necessary and customary functions, and what the purchaser was doing before the outsourcing, even if not described
• Warranty of work standards and Deliverables with obligations to reperform
• Services for “Eligible Recipients” designated by Purchaser
• Commitment to successful turnover of responsibility including as described in any transition plan
• Fully cooperation with Purchaser and its third party contractors
• Performing Services only from approved facilities
• Maintaining adequate internal controls
• Continuously improving Ongoing Services
• Continuing to perform despite disputes
26
2727
Will Supplier Comply With Legal Obligations?
• Compliance generally
– Supplier Laws and Purchaser Laws
– Purchaser Policies and Purchaser Rules
• Employment laws
– Employment transfer
– Immigration laws
– Co-employment
• Data management laws
– Access to Purchaser Network
– Confidentiality
– Data Security Obligations
– Protection of Personal Data
• Export control laws
• Anti-corruption laws
2828
Will Supplier Agree to Firm Prices, Without Additional or Surprise Charges?
• All charges are described in the Supplement, and the same pricing applies for additional Purchaser entities
• No charge for changes unless those charges are described in the Agreement or the changes constitute New Services or a billable Project
– “New Services” means new services or significant changes to existing Services requested by Purchaser, (i) that impose materially different obligations on Supplier, (ii) that require materially different levels of effort, resources or expense from Supplier, and (iii) for which there is no current Resource Baseline or charging methodology.
• No charge for facts differing from an assumption unless the assumption is agreed upon in the Statement of Work along with how the charge would be determined
• Allocation of tax responsibilities
• Right to cost-effective services and cost-reduction proposals
• Right to re-open pricing for Extraordinary Events (such as mergers)
• Right to benchmark and exit if charges remain over market
2929
What Are the Invoicing and Payment Terms?
• Invoices must comply with Purchaser billing requirements, including providing detailed chargeback data
• Charges will be allocated to Eligible Recipients based on a formula provided by Purchaser
• All charges must be invoiced within 90 days
• Payment terms, e.g. 60 days from receipt of invoice
• No interest due on late payments
• Right of set off
• Right to withhold disputed charges
3030
What Are Your Options to Control and Govern?
• “No Surprises”: Advance approval rights for changes that could increase charges, adversely impact the services, increase Purchaser’s total cost, etc.
• Visibility: Reports, audit rights, notice of key events, and other visibility
• Governance/Escalation: The contract provides an effective mechanism to manage the relationship, resolve disputes, escalate problems and retain the attention of senior Supplier management
• Control: Purchaser has enough control to cause the Services to meet its ever-changing needs
– Right to add New Services and/or reprioritize– Control over personnel
• Approval rights and retention obligations for “Key Personnel” • Replacement rights for personnel generally• Requirement for background checks, drug screening and substance abuse policy• But avoid co-employment risks
– Approval rights for subcontractors– Services to be performed in accordance with approved processes – Perform Services in accordance with Purchaser Standards, Purchaser Policies, and Purchaser Laws– Changes by Supplier limited by Change Control Procedures– Manage contract changes through Services Change Procedures– Agreed forms for Supplements, Projects and Change Orders
3131
Will You Own the IP and Data? If Not, What Rights Will You Have?
• US IP laws protect software, specifications, designs, analyses, processes, methodologies, concepts, inventions, secrets, know-how, etc. that are produced using human creativity
• US IP laws generally do not protect data or machine outputs
• Key questions:
– Which party owns IP developed under the ITSA?
– What rights will each party to use IP and data developed under the ITSA?
– What right will Purchaser have to use Supplier’s IP and data?
– What right will Supplier have to use Purchaser’s IP and data?
• Tip: Watch out for rights to “use customer data to improve our services” (etc.) or “in aggregated or anonymized form”
3232
What Are Your Options to Disengage?
• Right to in-source or re-source at any time
• Option to terminate for convenience with defined charges
• Options to terminate for material breach, including certain bright line tests
• Option to terminate for change of control of Supplier or other good reasons with reduced or no termination charges
• Supplier can terminate only for non-payment of material charges
• Right to disengagement services regardless of the reason for termination – including options to do the following at a defined cost:
– Obtain consulting services and “reverse transition” services
– Purchase or license assets and assume contracts
– Hire Supplier personnel
3333
What Are the Supplier’s Incentives to Create Value and Reduce Risk?
• Credits for failure to achieve Milestones and meet Service Levels
• Bonuses for generating value beyond contractual requirements
• Representations and warranties to put Supplier at risk for performance failures
• Indemnities to put Supplier at risk for its business risks
• Requirement to maintain insurance coverage (to have an insurer as an ally in reducing risk)
• Exposure to liability for damages
– Waiver of consequential and other indirect damages and cap on direct damages may blunt this incentive
– Exclusions from these limitations helps to restore incentive in correct areas
• Dispute resolution providing rapid and reasonable results
3434
Summary
• IT services agreements can provide value by reducing cost, improving service, increasing agility, and providing access to skills
• However, IT services agreements involves risk because of reduced control, the potential difficulty of change, including exit, and the disruption of employment relationships
• The structure of the master services agreement is designed to deliver the expected services at expected levels of quality and compliance for a reasonably firm price while mitigating the inherent risks of IT services agreements
Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) (collectively the “Mayer BrownPractices”) and non-legal service providers, which provide consultancy services (the “Mayer Brown Consultancies”). The Mayer Brown Practices and Mayer Brown Consultancies are established in various jurisdictions and may be a legal person or a partnership. Details of the individual Mayer Brown Practices and MayerBrown Consultancies can be found in the Legal Notices section of our website. “Mayer Brown” and the Mayer Brown logo are the trademarks of Mayer Brown. © Mayer Brown. All rights reserved.
mayerbrown.comAmericas | Asia | Europe | Middle East
35
35
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
George Kimball is a member of the outsourcing and technology practice at Wiggin and Dana LLP, where he and his colleagues advise suppliers of outsourced services. Before joining his present firm, he was Associate General Counsel at HP, and earlier in his career, a partner in three leading national firms. He has advised clients concerning contracts to outsource technology and other services for more than 25 years and wrote a book on the subject for Oxford University Press, Outsourcing Agreements: A Practical Guide, published in 2010. A California native and resident of Ann Arbor, Michigan, George is a graduate of UCLA, University College London and the University of Michigan, where he now teaches as an adjunct member of the law faculty. He is admitted to practice in California, Michigan and New York.
37
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Caveats
Views expressed are personal – not necessarily firm’s or clients’
Actual advice varies according to client, customer, offering, circumstances, etc.
38
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
39
Seek good business on acceptable terms
What’s good business?
• Successful, profitable delivery, durable relationship
• Acceptable terms
o Protect both sides’ legitimate interests,
o Motivate parties to perform, deter non-performance, provide good remedies
o Maximize possibilities for both parties to succeed
Lawyers’ crucial contribution – help to set the right tone
Goals
39
40
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Whispering campaigns
• ‘Too many redlines’. . . ‘hard to work with’
• Often, the whispers are unfair, calculated, tactical (and effective)
What to do?
• Choose your battles – focus on issues that affect cost, revenue, risks
• If you can live with language, risk, leave it alone. Resist temptation to edit, improve
• Selectivity can reinforce credibility if ‘no’ means mean ‘no’ ( not ‘maybe’ or ‘not yet’)
• Keep edits as succinct as reasonably possible, propose sensible, fair alternatives and be prepared to explain business reasons
Light touch
40
41
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Single most important issue (and source of disputes)
Risk to supplier – scope creep (often principal reason for substandard margins)
Essential principles
• Costs, charges, volumes of service should align, fluctuate together
• Additional service, if material, will cost more – there is no ‘free lunch’
Scope
41
42
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Whatever we’ve done (or allegedly remember) it’s all yours!
Vestige of early data center transactions
Effects
• Pick up incidental, inherent but unwritten items (legitimate)
• Shift to supplier all risk for white space, gray areas, vagueness in SOW (problematic)
• Risk – progressive margin erosion
Not appropriate for selective outsourcing, standard solutions
‘Sweep’ clauses
42
43
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Limit to work ‘reasonably related’ to SOW, outsourced functions
Limit to former services regularly performed, not discontinued
Never override SOW, but subject to its qualifications, limitations, exclusions
Exclude customer responsibilities, dependencies
Exclude general references to practice in customer’s industry
Both parties’ best protection: clear, comprehensive SOW
• Include all dependencies, customer responsibilities, etc.
• Clear qualifications, limitations, exclusions (where appropriate)
‘Sweep’ clauses – practice tips
43
44
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Principle – pay for material, additional service (no ‘free lunch’)
Pricing of changes
• Usually tied to contract rates, where applicable,
• Otherwise standard rates for relevant skills, services
Availability – when (if ever) are changes compensated?
o Changes in laws, regulations, related customer policies, etc.
o Changes in customer requirements, architecture, technologies
o Special requests (eg, support for investigations, mergers, divestitures)
Changes – contentious issues
44
45
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Common refrain, sprinkled throughout customers’ forms
What to do?
• Absorb incidental, minor costs – within contingency allowance
• Require compensation for material, additional cost and service
• Consider agreed materiality thresholds (eg, > x hours)
“at no additional cost”
45
46
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Can customer require additional work? Even without agreement on price?
Suppliers will agree, in certain circumstances, with conditions
• Urgent (eg, regulations require before an early date)
• Senior management so certifies
• Payment covers direct costs
• Early escalation to senior management for resolution
Mandatory changes
46
47
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Customers want to be up-to-date (though not all want ‘bleeding edge’)
No customer wants to inherit a museum when contract expires
Fair enough – but what’s in the price (and cost model)?
• Normal, evolutionary changes offered to all customers without additional charges
• Scheduled upgrades, refresh, etc. built into proposal, cost model and price (eg, N-1 currency for software, scheduled refresh cycle for hardware)
• Accelerated changes, paradigm shifts, etc. bear additional cost – no ‘free lunch’
• Discuss and deal separately with likely initiatives (cloud, robotics, analytics, etc.) don’t leave them to chance, debate, misunderstandings
Current technology
47
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
48
On the way in . . .
• Robust, comprehensive plan is both sides’ friend – likewise realistic schedules. Spell out both sides’ responsibilities, all dependencies
• Governance is crucial – each side needs someone in charge and empowered
• Remember it’s complicated, collaborative, full of dependencies. Forms that presume, assign sole responsibility to supplier deny reality
• Credits may be assessed for unexcused failures to meet milestones
• What about delays – supplier or customer fault? Force majeure delays?
On the way out . . .
• Orderly disengagement in case of expiration or termination (for any reason)
• Exhibit should outline basics – planning, disclosures, transfers of data, testing, etc.
• Isolate from any dispute – performance, payment, etc. should continue
• Additional skills, resources may bear additional cost
Transitions
48
49
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
General standards
• Avoid extravagant superlatives (eg, ‘world class’ – whatever that means)
• Apply only where service levels do not – cannot override
• ‘Industry standards’ (vague) vs. par with peers, competitors (could be proved)
Service levels
• Details largely entrusted to operations, delivery, customer consultants, SMEs
• Contain overall exposure – total of ‘pool,’ amount at risk, with more flexibility where offset by earn-backs, solutions are stable, proven so that actual risk minimal
• Beware of excessive complexity – what looks elegant, sophisticated on paper may be cumbersome, challenging to administer, chronic irritant in relationship
Performance standards
49
50
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Customer acts, omissions that delay, disrupt, prevent, interfere should excuse
• Customer-oriented forms limit protection to breach of express obligations, torts
Common law protection varies, often limited
• Impossibility, impracticability, frustration, etc. present formidable obstacles
Supplier should insist that customer acts, omissions that delay disrupt, interfere, prevent performance excuse delays, nonperformance
• Supplier should give notice, act reasonably to mitigate
• Inability to terminate should not preclude recovery of damages for customer’s breach
• Crucial importance in troubled transactions
o First Rule of Holes: If you’re in one, stop digging . . .
o Corollary to First Rule of Holes: Deep holes are joint ventures
Excused performance
50
51
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Do the usual litanies cover all potential risks?
• If not, there may be no protection – risk may be deemed assumed
Do they cover emerging risks?
• War vs. other hostilities (eg, ISIS, insurgencies, militias, ‘green men’)?
• Government acts – not only quarantines, embargoes, but cyberwar, surveillance, acts of security and intelligence agencies, sanctions?
Practice tips:
• Examine usual lists with care – do they cover what matters?
• Separate commercial from sovereign, extraordinary risks – against which commercial solutions may not protect
• Remember, in some states (eg, NY) catch-all language (‘other circumstances beyond the parties’ reasonable control) may be ineffective – unlisted risks deemed assumed
Excused performance – force majeure
51
52
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Common opening position – since we pay, we own
Suggested approach
• Ask practical questions – who needs what during, after the term?
• Break into manageable pieces
o Each owns what it has, including further developments
o Separate supplier’s commercial offerings from internal tools
o Tools rarely left behind, but there are substitutes – competitors have their own
o Third party IP – a commercial issue. What’s most efficient, economical?
o Price excludes bundles of 3rd party licenses after contract expires
o New developments – separate specially-commissioned, custom developments from incidental improvements in supplier’s tools, methods.
IP issues – avoid the morass
52
53
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
By whom? Usual suspects
At whose cost? Some suppliers prefer joint engagements
How soon? How often? After 12-24 months, every 12-24 months
Scope? All services, major segments (no ‘cherry-picking’)
Comparisons? Reasonable, current peer sample normalized for scope, service levels, geography, etc., exclude outliers, financial engineering, etc.
Competitive range? Within a reasonable ‘buffer’ (eg, 10%) around average or median of benchmarked sample not cheapest quartile cost for top quartile quality (ie, premium quality for bargain price)
Consequences? Meet, confer, adjust within a range (prospectively) or otherwise convenience termination (often for discounted fee) not match (possibly errant, low-ball) figure determined by benchmark
Price protection – benchmarks
53
54
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
All understand the ground rules:
• Customers may terminate for convenience, material breach
• Suppliers carry on so long as they are paid, may terminate for nonpayment (perhaps other egregious circumstances, such as intentional misappropriation of supplier’s IP)
Devils in the details
• Materiality – no ‘hair triggers’ permitting termination upon pretexts
• ‘Incurable’ breaches – usually cure of real issues is possible
• Epidemic, pervasive failures may be material, with notice and cure period
• Termination charges – appropriate if supplier is not at fault, cover stranded, shutdown costs in cases of termination for convenience, change of control, etc.
Remedies – termination
54
55
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
It’s not optional – everybody has to obey (increasingly stringent) laws
Usual allocation of compliance responsibility
• Each party responsible for laws applicable to its business, facilities, employees, etc.
• Supplier should not (often cannot) accept customer’s compliance obligations
• Supplier cannot give legal advice about compliance, reportable breaches, etc.
• Supplier may (usually will) be accountable for its compliance with processes, procedures, instructions approved by customer as compliant if customer responsible for (and indemnifies supplier against) errant processes, etc. attributable to customer’s misinterpretation, violations, etc.
Exceptions – compliance inherent in service (eg, taxes in payroll service)
Compliance
55
56
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Limit to third party claims – exclude bilateral performance issues, damages for breach provide sufficient remedy
Beware – may negate liability limits (if indemnified losses excluded)
Indemnities should be specific, focused, mutual, limited to reasonable range of potential third party claims, such as (among others):
• Infringements
• Bodily injury, death, damage to tangible property
• Breach of third party contracts
• Claims by displaced, transferred employees
• Noncompliance (excluding adherence to customer policies, compliance directives)
Indemnification
56
57
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Give notice to customer of actual incidents, serious threats (not all attempts)
Cooperate in investigation, remedial action, etc.
Consult regarding notice and other action
• Giving notice is customer’s obligation and decision
• Both parties have risks, indemnifying supplier won’t write blank check
Limit liability
• To extent of fault – meaning breach of obligations (outsourced solutions may reduce but cannot eliminate all risk – no absolute security)
• Reasonable, actual, specific costs (eg, notice, credit monitoring, civil penalties, claims by public agencies, data subjects)
• Cap overall financial exposure with liability limits
Indemnification – security incidents
57
58
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Customer fairly expects ample remedies
Supplier’s frame of reference
• Not an insurer, won’t ‘bet the company’
• Not a guarantor – can mitigate, help to manage but not eliminate risks
• Exceptions may apply in egregious situations
• Variables – the better the margin and solution, the more robust the customer’s own compliance, security and operations; the lower the risk – the greater the latitude in negotiation
o Rationale – why do Olympic athletes pay less for life insurance?
Liability Limits – Supplier’s Perspective
58
59
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Exclusions
• Consequential, indirect, exemplary damages
• Lost profits, revenues, anticipated savings, lost goodwill, reputational damage, etc.
o Practice tip: business losses may be recoverable as direct damages, if foreseeable so best excluded explicitly.
Basic limit – often 12 months’ revenue
Exceptions – unlimited liability
• Willful misconduct (eg, fraud, intentional torts)
• Gross negligence – where recognized, consider definition (not just big negligence claims)
• Abandonment (carve out good faith exercise of termination right for nonpayment)
• Selected indemnities (infringement, possibly others)
• Customer payment obligations
Usual framework
59
60
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Which indemnities?
• Infringement, with usual latitude to defend, substitute, pay, etc. excluding liability attributable to indemnitees’ infringing specs, modifications, misuse, etc.
• Bodily injury, property damage (insurable)
• Employment (low risk, modest exposure per claim)
• Taxes (low risk, modest exposure)
Cap liability for indemnities related to performance issues, human error, etc., including compliance and confidentiality, personal data
Breaches of confidentiality? Violations of law?
• Once common – but no longer market
• Possible exceptions – sensitive, business confidential information (e.g., trade secrets) rarely exposed in the course of performance, disclosure likely involves wrongdoing
Contentious issues – unlimited liability
60
61
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
Privacy, security, confidentiality
• Have a business conversation about risks, practicalities
• Separate provision for particular risks
• ‘Enhanced’ / Enlarged / or ‘Supercap’ – larger cap or deeper bucket for information security and privacy risks
The elephants in the room
61
© 2
01
6 W
igg
in a
nd
Dan
a L
LP
This presentation is a summary of legal principles.
Nothing in this presentation constitutes legal advice, which can only be
obtained as a result of a personal consultation with an attorney.
The information published here is believed accurate at the time of
publication, but is subject to change and does not purport to be a
complete statement of all relevant issues.
62
IT Master Services Agreements – Finding
Common GroundLarry Schultis,
Founder of Schultis Law Group PLLC
Keys to Finding Common Ground
• Keep a positive tone
• Understand the market
• Understand the present transaction
• Listen
• Remember what is important and practical
64
Keep a Positive Tone
• Negotiation can be the gentle art of letting others have your way – Key word is gentle
• Pounding the table closes ears; that is normally the technique for when you are not interested in middle ground
• Where others are combative, the calm voice of reason still can prevail
• Being positive does not mean being a push over; you can be polite and firm at the same time
• Where obnoxious counter parties are getting to you, take regular breaks
65
Understand the Market
• Being able to clearly (and honestly) articulate what is market is important– When you can, set your position so
negotiations land at a market resolution
• “This is market” is not the argument for everything, save it for where the other side really is out of market and cannot defend why they need to be
• Equally important to know where your position is out of market (and be able to defend it if you are called on it)
66
Understand the Present Transaction
• Who has leverage– How important is the deal to each party– Customer’s other options– Vendor’s market position– Size of each party
• Relationships with decision makers• Ways to minimize the other’s inherent advantages
– For customer, competitive procurements and competitive negotiations
– For vendor, getting decision maker buy in and leveraging the calendar
• What actually matters in this transaction• BATANA
67
Listen
• Positions and contract language is often broader than necessary
• The key to many difficult issues is to listen –what does the other side really want and what are they really worried about– Ask the other side to explain their position and
really listen– Acknowledge valid concerns; gently challenge
impractical and theoretical concerns– Where possible, propose language addressing
the valid concern as an alternative to overly broad positions (and be willing to do this on your over reaches too)
68
Remember What is Important and Practical
• What do you really need out of the transaction and what does the other side really need– A bad deal is worse than no deal; get what you need– What drives in costs and risks– The vendor should make money and the customer should get
what they paid for
• What would you do in the real world if the scenario arises– Middle ground lies on what is practical, not what is ideal
• What things are lawyers being lawyers– Goes back to understanding (or not) the transaction
• What is enforceable– Fluffy language in boilerplate is not the hill to die on– Use “may” and “commercially reasonable efforts”– For reputational clauses (and the like) can the language be
softened so that it will not be enforceable in court
69
Practical Examples
• Termination clause– Customer wants immediate termination and
vendor wants 60 days (hint: answer may not be 30 days)
• Service Levels as sole remedy– The service level floor
• Limits of liability– Caps, super caps and carve outs
• Indemnities– The usual, the ridiculous and the specific
• Intellectual Property– Yours, mine but only rarely ours
70